Google has paid out $5,000 to a bug bounty hunter who discovered a serious vulnerability in the Google Cloud Platform.
Germany-based researcher Patrik Fehrenbach discovered that the Google Cloud Platform Console was plagued by a stored cross-site scripting (XSS) flaw.
The expert had signed up for a free 60-day trial on Google’s cloud platform and started testing all fields for XSS vulnerabilities. None of the payloads were triggered until two months later, when Fehrenbach received a message from Google informing him that his trial period was ending.
In order to avoid charges, the researcher deleted his project, which was named “>
“For those unfamiliar, and the knowledge hungry, here’s how the payload gets reflected in the content of the site: the first quote and angle bracket, ’>’ close the preceding HTML tag which allowed my injected
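The tag breakout the researcher describes, shown next to its fix, as an added example that is not part of the original article and is not Google's code. The template, the function names and the inert project name are assumptions constructed for illustration: a stored name is placed inside a double-quoted attribute, first as-is and then with output encoding, and a small scanner reports which start tags an HTML parser would open in each case.

```javascript
// Added example. The template and names below are hypothetical, not Google's code.

// Encode the five characters that can end an attribute value or start a tag.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the stored name is pasted into a double-quoted attribute as-is.
function renderUnsafe(projectName) {
  return `<input type="text" value="${projectName}">`;
}

// Hardened: the same template with contextual output encoding.
function renderSafe(projectName) {
  return `<input type="text" value="${escapeHtml(projectName)}">`;
}

// Minimal scanner: names of the start tags an HTML parser would open,
// honouring quoted attribute values (enough for this demonstration only).
function startTags(html) {
  const tags = [];
  let i = 0;
  while (i < html.length) {
    if (html[i] === '<' && /[a-zA-Z]/.test(html[i + 1] || '')) {
      let j = i + 1;
      while (j < html.length && /[a-zA-Z0-9]/.test(html[j])) j++;
      tags.push(html.slice(i + 1, j).toLowerCase());
      let quote = null;
      while (j < html.length && (quote || html[j] !== '>')) {
        if (quote) { if (html[j] === quote) quote = null; }
        else if (html[j] === '"' || html[j] === "'") quote = html[j];
        j++;
      }
      i = j + 1;
    } else {
      i++;
    }
  }
  return tags;
}

// Constructed, inert project name: quote + angle bracket, then harmless markup.
const storedName = '"><b>constructed-marker</b>';

console.log(startTags(renderUnsafe(storedName)));
console.log(startTags(renderSafe(storedName)));
```

Encoding belongs at the point of output, because a stored value like this one can sit unrendered for months before some rarely used view finally displays it.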